package com.ewins.weatherdataclient.https;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Created by hp on 2015/12/10.
 */
public class MyX509TrustManager implements X509TrustManager {

    private X509Certificate[] certificates;

    @Override
    public void checkClientTrusted(X509Certificate certificates[],
                                   String authType) throws CertificateException {
        if (this.certificates == null) {
            this.certificates = certificates;
//            System.out.println("init at checkClientTrusted");
        }
    }


    @Override
    public void checkServerTrusted(X509Certificate[] ax509certificate,
                                   String s) throws CertificateException {
        if (this.certificates == null) {
            this.certificates = ax509certificate;
//            System.out.println("init at checkServerTrusted");
        }
//            for (int c = 0; c < certificates.length; c++) {
//                X509Certificate cert = certificates[c];
//                System.out.println(" Server certificate " + (c + 1) + ":");
//                System.out.println("  Subject DN: " + cert.getSubjectDN());
//                System.out.println("  Signature Algorithm: "
//                        + cert.getSigAlgName());
//                System.out.println("  Valid from: " + cert.getNotBefore());
//                System.out.println("  Valid until: " + cert.getNotAfter());
//                System.out.println("  Issuer: " + cert.getIssuerDN());
//            }

    }


    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // TODO Auto-generated method stub
        return null;
    }

//    /*
//     * The default X509TrustManager returned by SunX509.  We'll delegate
//     * decisions to it, and fall back to the logic in this class if the
//     * default X509TrustManager doesn't trust it.
//     */
//    X509TrustManager sunJSSEX509TrustManager;
//
//    public MyX509TrustManager() throws Exception {
//        // create a "default" JSSE X509TrustManager.
//        KeyStore ks = KeyStore.getInstance("JKS");
//        FileInputStream fs = new FileInputStream("lib/security/server.crt");
//        ks.load(fs,
//                "adccadcc".toCharArray());
//        TrustManagerFactory tmf =
//                TrustManagerFactory.getInstance("SunX509", "SunJSSE");
//        tmf.init(ks);
//        TrustManager tms [] = tmf.getTrustManagers();
//        /*
//         * Iterate over the returned trustmanagers, look
//         * for an instance of X509TrustManager.  If found,
//         * use that as our "default" trust manager.
//         */
//        for (int i = 0; i < tms.length; i++) {
//            if (tms[i] instanceof X509TrustManager) {
//                sunJSSEX509TrustManager = (X509TrustManager) tms[i];
//                return;
//            }
//        }
//        /*
//         * Find some other way to initialize, or else we have to fail the
//         * constructor.
//         */
//        throw new Exception("Couldn't initialize");
//    }
//    /*
//     * Delegate to the default trust manager.
//     */
//    public void checkClientTrusted(X509Certificate[] chain, String authType)
//            throws CertificateException {
//        try {
//            sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
//        } catch (CertificateException excep) {
//            // do any special handling here, or rethrow exception.
//        }
//    }
//    /*
//     * Delegate to the default trust manager.
//     */
//    public void checkServerTrusted(X509Certificate[] chain, String authType)
//            throws CertificateException {
//        try {
//            sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
//        } catch (CertificateException excep) {
//            /*
//             * Possibly pop up a dialog box asking whether to trust the
//             * cert chain.
//             */
//        }
//    }
//    /*
//     * Merely pass this through.
//     */
//    public X509Certificate[] getAcceptedIssuers() {
//        return sunJSSEX509TrustManager.getAcceptedIssuers();
//    }
}
